Security MVP Peers Through Obscurity

Is security by obscurity always bad? MVP Jesper Johansson has co-written a great article with Roger Grimes, in which the pair attempt to shed some light on why many consider it a waste of time (and others don't), and show why the answer, as usual, is far more complicated than it seems at first.

Security by obscurity is, in a nutshell, a violation of Kerckhoffs' Principle, which holds that a system should be secure because of its design, not because the design is unknown to an adversary. The basic premise of Kerckhoffs' Principle is that secrets don't remain secret for very long.